Case Study

Recorded Future Helps Large Financial Institution Proactively Anticipate and Mitigate Payment Fraud

Recorded Future has truly helped us to mitigate fraud, and many different stakeholders can all come to an agreement that the intelligence provided has been really worthwhile."

Intelligence on Compromised Cards and Card Checkers Provides Proactive Warning Signs of Potential Fraud

As payment fraud continues to rack up billions of dollars in losses, financial institutions are looking for new ways to protect their cardholders. Reactively attempting to limit losses after a fraudulent transaction occurs is no longer sufficient. To protect their cardholders, one of the nation’s largest financial service providers is taking a proactive approach to detecting and mitigating payment fraud before it occurs.

Previously, the institution’s Cyber Threat Intelligence (CTI) and Fraud teams relied on specific behavior rules to alert them to suspicious cardholder activity, typically after fraudulent transactions had occurred. For example, if someone were to suddenly purchase a large amount of gift cards the fraud rules may kick in. However, they had limited information on what threat actors were doing on the dark web, leaving them blind to threat actors’ new tools, tactics, and procedures used to skim, sell, and validate compromised cards.

These days the CTI and Fraud teams rely on Recorded Future’s Payment Fraud Intelligence for valuable external data about threat actor activity on the dark web. By helping to detect compromised cards and known tester merchants (merchants being used by fraudsters to test the validity of stolen cards), the data provided by Recorded Future identifies accounts at higher risk of fraud. Enriching the institution’s fraud rules with this actionable data enables them to disrupt fraudsters before they can monetize stolen payment data, preventing fraud and cardholder disruption from occurring.

Actionability and Automation Stop Fraud in Its Tracks

Recorded Future Payment Fraud Intelligence identifies compromised cards being sold on dark web carding shops, and provides the institution with a continuously updated feed to match the stolen payment card information with their internal records. This helps enhance the detection rules in place, and enables them to take proactive measures to ensure fraudulent activity is blocked.

We find a lot of stolen cards manually and it's worth the human resources to do it, but that approach doesn't compete with the automation that comes from the highly actionable feeds that Recorded Future gives us."

Actionability of the data is critical. “If it’s not actionable, it’s a big waste of time, both for the internal associates and for our cardholders,” explains the CTI VP. When fighting fraud, time is of the essence. The sooner fraudulent behavior is detected, the lower the financial losses. “When transactions occur on customer cards identified by Recorded Future as being present on the dark web or used on known tester merchants, most of the time the transaction is actually fraudulent,” says the CTI VP. “When we ask for their feedback, the fraud team is always pleased, and they think it's very actionable.”

In addition to the compromised card data, the financial institution incorporates intelligence from Recorded Future on card checker services and the tester merchants they use. Dark web marketplaces are known to use these services to determine if compromised cards are valid prior to posting them for sale, whereas criminals use card checker services for the same purpose prior to monetizing them. Recorded Future tracks major card checker services to identify the dozens of different tester merchants they use each week.

“The card checker data provides a critical feed that enables us to quickly see that fraud is about to occur,” says a fraud threat hunter at the institution. The identification of the tester merchants being used by card checker services helps the institution immediately raise the risk score of cards that are conducting low-dollar transactions or zero-dollar authorizations with known tester merchants.

A Measurable Reduction in Fraud Risk

“Using the checker data has been extremely helpful in trying to determine if there are those test charges on cards, which signals we need to go and take action,” says the fraud threat hunter.

Intelligence from Recorded Future has led to the identification of at least 2 times as many at-risk active customer payment cards as the institution’s manual collection efforts via other vendors’ dark web forum collections and peer-shared payment cards.

“We have really high confidence in Recorded Future — enough confidence to automate it. That’s Recorded Future’s big advantage: automation,” says the CTI VP. The CTI team has other vendors who scan the dark web, and from their intelligence, the team manually finds and reports stolen cards to fraud operations. “We find a lot of stolen cards manually and it's worth the human resources to do it, but that approach doesn't compete with the automation that comes from the highly actionable feeds that Recorded Future gives us.”

Recorded Future’s ability to prevent financial losses and improve cardholder experience has made an impact across the company. The CTI VP emphasizes, “Recorded Future has truly helped us to mitigate fraud, and many different stakeholders who have different missions and don’t always communicate very frequently, they can all come to an agreement that the intelligence provided has been really worthwhile for us.”

To see the full PDF, download here.

Related